VDB

RHSA-2026%3A28133

RHSA-2026%3A28133 PUBLISHED CVSS 8.199999809265137 HIGH

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.

Risk Scores

CVSS 3.1
8.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatvim-enhanced-2:8.2.2637-20.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-minimal-debuginfo-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-enhanced-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-enhanced-2:8.2.2637-20.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-common-2:8.2.2637-20.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-common-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-minimal-debuginfo-2:8.2.2637-20.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-enhanced-2:8.2.2637-20.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-X11-2:8.2.2637-20.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-X11-debuginfo-2:8.2.2637-20.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-2:8.2.2637-20.el9_2.2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-enhanced-debuginfo-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-X11-debuginfo-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-debugsource-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-common-debuginfo-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-debuginfo-2:8.2.2637-20.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-common-2:8.2.2637-20.el9_2.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-minimal-2:8.2.2637-20.el9_2.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-filesystem-2:8.2.2637-20.el9_2.2.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9
Red Hatvim-common-debuginfo-2:8.2.2637-20.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)8.2.2637-20.el9

…and 64 more

Timeline

  • Jun 23, 2026 CVE Published
  • Jun 23, 2026 CVE Updated
  • Jun 23, 2026 Distribution Patch
  • Jun 23, 2026 Distribution Patch
  • Jun 23, 2026 Security Advisory
  • Jun 23, 2026 Security Advisory
  • Jun 23, 2026 Security Advisory
  • Jun 23, 2026 Security Advisory
  • Jun 23, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›